Hello,

I have set up a masq, outgoing being eth0 and network being eth1. I also have a default policy of any to any as reject. I have bind9 running on the router and have the LAN systems using the router IP as the dns-nameservers. In this configuration, when I ping, I get a Destination Host Unavailable. If I change from REJECT to ACCEPT, I can then ping out. What am I missing so I can ping out and eventually browse the Internet?

Thank you very much for your help!

Have a great day,

Donald S. Doyle
President
G.E.M. Computer Consulting, LLC
317.250.4448
www.gemcc.com <http://www.gemcc.com/>

On 03/18/2013 06:58 PM, Donald S. Doyle wrote:
> I have set up a masq, outgoing being eth0 and network being eth1. I also
> have a default policy of any to any as reject. I have bind9 running on
> the router and have the LAN systems using the router IP as the
> dns-nameservers. In this configuration, when I ping, I get a
> Destination Host Unavailable. If I change from REJECT to ACCEPT, I can
> then ping out. What am I missing so I can ping out and eventually
> browse the Internet? Thank you very much for your help!
>

Sounds like you need to add an ACCEPT policy from your local lan zone to the internet zone.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
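
The policy suggested in the reply above, written out as an added example that is not part of the original thread. The zone names `loc` (LAN on eth1), `net` (Internet on eth0) and `$FW` (the router) are assumptions taken from Shorewall's sample configurations; the thread does not give them. The two DNS rules are also an addition, covering the bind9-on-the-router setup described in the question.

```conf
# /etc/shorewall/policy
# Assumed zones: loc = LAN (eth1), net = Internet (eth0), $FW = the router.
#
# Before: only the catch-all exists, so loc -> net connections are rejected.
#
#SOURCE   DEST   POLICY   LOGLEVEL
#all      all    REJECT   info
#
# After: entries are evaluated top to bottom and the first match wins,
# so the specific policy goes above the catch-all.
#
#SOURCE   DEST   POLICY   LOGLEVEL
loc       net    ACCEPT
all       all    REJECT   info
# The all -> all entry must stay last.

# /etc/shorewall/rules
# loc -> $FW and $FW -> net still fall through to REJECT. With bind9 on
# the router, LAN clients must be able to query it and it must be able
# to query upstream servers, so DNS is allowed on exactly those paths.
#
#ACTION        SOURCE   DEST
DNS(ACCEPT)    loc      $FW
DNS(ACCEPT)    $FW      net
```

Running `shorewall check` before `shorewall restart` validates the files without touching the running ruleset.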

Hi Tom,

Why didn't I think of that! Thank you very much!

Have a great day,

Donald S. Doyle